You would not store your most private diary in a public library. So why would you store your most personal digital messages on a server governed by laws that allow foreign governments to read them?

Data privacy is not a technical feature. It is a jurisdictional one. And jurisdiction is determined by geography.

The problem with US-based cloud storage

The majority of consumer cloud services (Google Drive, iCloud, Dropbox, OneDrive) are operated by US companies and subject to US law. This includes the CLOUD Act (2018), which grants US law enforcement the ability to compel any US-based company to hand over data stored on its servers, regardless of where those servers are physically located.

This means that even if a US company stores your data on a server in Europe, US authorities can still legally demand access to it. Your physical location is irrelevant. The company's incorporation is what matters.

Why Switzerland is different

Switzerland is not a member of the European Union. It is not subject to US jurisdiction. And it has its own data protection framework, the Federal Act on Data Protection (FADP), which was substantially revised in 2023 to provide some of the strongest privacy protections in the world.

Key features of Swiss data privacy law:

• No mass surveillance: Swiss law prohibits the kind of bulk data collection that other jurisdictions permit.
• Strict consent requirements: Data processing requires explicit, informed consent.
• No foreign compulsion: Swiss companies cannot be compelled by foreign governments to hand over data without going through Swiss legal channels.
• Constitutional privacy: Privacy is enshrined in Article 13 of the Swiss Federal Constitution.

Why this matters for personal messages

A love letter to your partner is not a bank statement. A video message to your child is not a tax return. These are the most intimate, vulnerable things you will ever create. They deserve the highest level of protection that exists.

Storing them on a platform that is legally obligated to hand them over upon request, to any government with a sufficiently broad warrant, is not security. It is the illusion of security.

The Afterword approach

Afterword stores all user data on Swiss-sovereign infrastructure operated by Exoscale, a Swiss cloud provider with data centres in Zurich and Geneva. The data never leaves Swiss jurisdiction. It is not subject to the CLOUD Act, FISA, or any foreign data access framework.

Combined with client-side encryption (your messages are encrypted before they leave your device), this creates a system where even Afterword itself cannot read your messages. Only your designated recipients, at the designated time, can decrypt them.

Privacy is not a feature you toggle on. It is a foundation you build on. And foundations are made of laws, not checkboxes.